cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 11

NETAPP API Issues after Windows Updates

So in case you didn't notice if you are monitoring netapp's or anything else that uses a SSL/TLS connection to the API of the device you might have noticed they stopped polling.

Here is the error in the SRM Logs

2016-11-21 06:15:36,416 [STP SmartThreadPool Thread #2] ERROR SolarWinds.SRM.NetAPP.NetAppServerBase - Failed invoking API
NetApp.Manage.NaException: Failed invoking API ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at NetApp.Manage.HTTPClient.DoRequest()
--- End of inner exception stack trace ---
at NetApp.Manage.NaServer.InvokeElem(NaElement element)
at SolarWinds.SRM.NetAPP.NetAppServerBase.InvokeCommand(String apiName, IList`1 outputAttributes, IList`1 parameters)

This is mainly due to a security update in Windows for longer certs to be required below are the updates that are applicable and the document about the update.

2012 R2 and Windows 8
KB3185331
KB3188743
KB3174644

2008 R2 and Windows 7
KB3185278
KB3185330
KB3192391
KB3175024

KB3172605

Microsoft Security Bulletin MS16-111 - Important

To fix this instead of uninstalling some critical updates that provide stronger security all you need to do is update the certs to 2048 bytes and at least SHA-2. I hope this helps some people as it drove me crazy for a while.

Here is the doc to update the NetApp certs http://www.regmen.com/upload-ssh-keys-netapp-7-mode/

3 Replies
Level 18

Very useful post indeed. Did you have to change anything in SRM?

Jiri

0 Kudos
Level 11

Nope just had to update the certs on the client devices, its better that way to stay security compliant. A lot of people have just been uninstalling the updates which is a bad practice.

0 Kudos
Level 18

Ok, thanks!

0 Kudos